Debian Bug report logs - #502772
RFP: tokentube -- integration component for LUKS and PAM

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Daniel Müller <zendil@gmx.net>

Date: Sun, 19 Oct 2008 15:36:01 UTC

Severity: wishlist



Report forwarded to debian-bugs-dist@lists.debian.org, zendil@gmx.net, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Sun, 19 Oct 2008 15:36:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Müller <zendil@gmx.net>:
New Bug report received and forwarded. Copy sent to zendil@gmx.net, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 19 Oct 2008 15:36:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Daniel Müller <zendil@gmx.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cryptsetup: gnome autologin user should depend on boot passsword
Date: Sun, 19 Oct 2008 17:33:10 +0200
Package: cryptsetup
Version: 2:1.0.4+svn26-1
Severity: wishlist


If a linux PC is protected by luks hard disk encryption, you have to type
two passwords: the luks boot password and the user password for the
gnome/kde session. This is sometimes annoying.

A single user could activate gnome/kde auto login and type only the boot password.

If the same computer is used by more than one user, this is not possible.

Could luks pass the key slot number or a user name associated with the key
slot number to gdm, so that the auto login user can depend on the boot
password used?

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages cryptsetup depends on:
ii  dms 2:1.02.08-1                          The Linux Kernel Device Mapper use
ii  lib 2.3.6.ds1-13etch7                    GNU C Library: Shared libraries
ii  lib 2:1.02.08-1                          The Linux Kernel Device Mapper use
ii  lib 1.2.3-2                              LGPL Crypto library - runtime libr
ii  lib 1.4-1                                library for common error values an
ii  lib 1.10-3                               lib for parsing cmdline parameters
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 universally unique id library

cryptsetup recommends no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Wed, 05 Nov 2008 21:18:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 05 Nov 2008 21:18:13 GMT) Full text and rfc822 format available.

Message #10 received at submit@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Daniel Müller <zendil@gmx.net>, 502772-done@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#502772: cryptsetup: gnome autologin user should depend on boot passsword
Date: Wed, 5 Nov 2008 22:17:01 +0100
On 19/10/2008 Daniel Müller wrote:
> If a linux PC is protected by luks hard disk encryption, you have to type
> two passwords: the luks boot password and the user password for the
> gnome/kde session. This is sometimes annoying.
> 
> A single user could activate gnome/kde auto login and type only the boot password.
> 
> If the same computer is used by more than one user, this is not possible.
> 
> Could luks pass the key slot number or a user name associated with the key
> slot number to gdm, so that the auto login user can depend on the boot
> password used?

Hey Daniel,

If at all, your request needs to be implemented in gdm. It's not only
out of cryptsetup's scope to submit/forward a passphrase, it even would
be a grave security hole if it was supported.

I cannot imagine a secure implementation for your requested
functionality at all. maybe you can do something with libpam-mount.

sorry, the wishlist request is not valid for cryptsetup, thus I'm
closing the bugreport.

greetings,
 jonas




Reply sent to Jonas Meurer <jonas@freesources.org>:
You have taken responsibility. (Wed, 05 Nov 2008 21:18:16 GMT) Full text and rfc822 format available.

Notification sent to Daniel Müller <zendil@gmx.net>:
Bug acknowledged by developer. (Wed, 05 Nov 2008 21:18:18 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Wed, 05 Nov 2008 22:18:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Mueller <Zendil@gmx.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 05 Nov 2008 22:18:08 GMT) Full text and rfc822 format available.

Message #20 received at 502772@bugs.debian.org (full text, mbox):

From: Daniel Mueller <Zendil@gmx.net>
To: 502772@bugs.debian.org
Subject: Re: Bug#502772 closed by Jonas Meurer <jonas@freesources.org> (Re: Bug#502772: cryptsetup: gnome autologin user should depend on boot passsword)
Date: Wed, 05 Nov 2008 23:14:58 +0100
Hello Jonas,

I agree that forwarding the pass phrase would be definitely a bad idea.
But communicating the slot number to PAM or GDM should not be a
security problem!?

I also considered to file this wish list bug directly to the pam
package. But if the pam programmers wanted to implement this suggestion,
they would depend on luks to pass the slot number.  If this is
impossible or a security problem just keep the bug closed. If you see a
way how luks could pass this information, please forward the bug to pam.

Best Regards

Daniel


Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the cryptsetup package:
>
> #502772: cryptsetup: gnome autologin user should depend on boot passsword
>
> It has been closed by Jonas Meurer <jonas@freesources.org>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Jonas Meurer <jonas@freesources.org> by
> replying to this email.
>
>
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: Bug#502772: cryptsetup: gnome autologin user should depend on boot
> passsword
> From:
> Jonas Meurer <jonas@freesources.org>
> Date:
> Wed, 5 Nov 2008 22:17:01 +0100
> To:
> Daniel Müller <zendil@gmx.net>, 502772-done@bugs.debian.org
> CC:
> Debian Bug Tracking System <submit@bugs.debian.org>
>
>
> On 19/10/2008 Daniel Müller wrote:
>   
>> If a linux PC is protected by luks hard disk encryption, you have to type
>> two passwords: the luks boot password and the user password for the
>> gnome/kde session. This is sometimes annoying.
>>
>> A single user could activate gnome/kde auto login and type only the boot password.
>>
>> If the same computer is used by more than one user, this is not possible.
>>
>> Could luks pass the key slot number or a user name associated with the key
>> slot number to gdm, so that the auto login user can depend on the boot
>> password used?
>>     
>
> Hey Daniel,
>
> If at all, your request needs to be implemented in gdm. It's not only
> out of cryptsetup's scope to submit/forward a passphrase, it even would
> be a grave security hole if it was supported.
>
> I cannot imagine a secure implementation for your requested
> functionality at all. maybe you can do something with libpam-mount.
>
> sorry, the wishlist request is not valid for cryptsetup, thus I'm
> closing the bugreport.
>
> greetings,
>  jonas
>
>   
>
> ------------------------------------------------------------------------
>
> Subject:
> cryptsetup: gnome autologin user should depend on boot passsword
> From:
> Daniel Müller <zendil@gmx.net>
> Date:
> Sun, 19 Oct 2008 17:33:10 +0200
> To:
> Debian Bug Tracking System <submit@bugs.debian.org>
>
>
> Package: cryptsetup
> Version: 2:1.0.4+svn26-1
> Severity: wishlist
>
>
> If a linux PC is protected by luks hard disk encryption, you have to type
> two passwords: the luks boot password and the user password for the
> gnome/kde session. This is sometimes annoying.
>
> A single user could activate gnome/kde auto login and type only the boot password.
>
> If the same computer is used by more than one user, this is not possible.
>
> Could luks pass the key slot number or a user name associated with the key
> slot number to gdm, so that the auto login user can depend on the boot
> password used?
>
> -- System Information:
> Debian Release: 4.0
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-6-686
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
>
> Versions of packages cryptsetup depends on:
> ii  dms 2:1.02.08-1                          The Linux Kernel Device Mapper use
> ii  lib 2.3.6.ds1-13etch7                    GNU C Library: Shared libraries
> ii  lib 2:1.02.08-1                          The Linux Kernel Device Mapper use
> ii  lib 1.2.3-2                              LGPL Crypto library - runtime libr
> ii  lib 1.4-1                                library for common error values an
> ii  lib 1.10-3                               lib for parsing cmdline parameters
> ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 universally unique id library
>
> cryptsetup recommends no packages.
>
> -- no debconf information
>
>
>   




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 04 Dec 2008 07:26:38 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Josh Triplett <josh@joshtriplett.org> to control@bugs.debian.org. (Tue, 15 Mar 2011 17:27:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Tue, 15 Mar 2011 17:33:07 GMT) Full text and rfc822 format available.

Message #27 received at 502772@bugs.debian.org (full text, mbox):

From: Josh Triplett <josh@joshtriplett.org>
To: Debian Bug Tracking System <502772@bugs.debian.org>
Subject: Re: gnome autologin user should depend on boot passsword
Date: Tue, 15 Mar 2011 10:31:33 -0700
Package: cryptsetup
Version: 2:1.0.6+20090405.svn49-1
Followup-For: Bug #502772

reopen 502772
retitle 502772 Associate usernames with passphrases; provide username associated with passphrase used
thanks

This bug report seems to have gotten closed based on an incorrect
interpretation of the original report.  Reopening, retitling, and
re-requesting.

The report makes the reasonable request that since an encrypted
filesystem can have multiple passphrases associated with it, those
passphrases could have associated usernames.  Cryptsetup could then use
the passphrase provided to look up the associated username, and provide
that username to later phases of the boot process somehow, such as to
GDM to allow it to select that username for autologin.  Thus, the user
would enter their passphrase to decrypt the disk, and not need to
subsequently log in with a username and password.

That seems like a reasonable request, and it should not impact system
security in any way.

- Josh Triplett
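
The lookup requested in the message above, sketched as an added example that is not part of the bug log and is not cryptsetup's or tokentube's code: only the number of the key slot that matched leaves the unlock step, never the passphrase. The `slot:username` map file and the function names are hypothetical, and the `Key slot N unlocked.` line is assumed to match what `cryptsetup -v` prints on the installed version.

```sh
#!/bin/sh
# Added example (not from the bug log, cryptsetup, or tokentube).
# Idea from the thread: the unlock step reports WHICH key slot matched,
# and a later boot stage turns that slot number into a login name.
# The passphrase itself never leaves the unlock step.

# Extract the slot number from verbose unlock output.
# Assumption: the installed cryptsetup prints "Key slot N unlocked." with -v.
# Prints nothing when no such line is present (e.g. a failed unlock).
slot_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^Key slot \([0-9][0-9]*\) unlocked\.$/\1/p' |
        head -n 1
}

# Refuse a map that others could rewrite: whoever controls the map decides
# which account a given passphrase logs in to.
# Assumption: the map lives on the unlocked root filesystem. A real
# deployment would also require root ownership (left out here so the
# example runs unprivileged).
map_is_trustworthy() {
    map=$1
    [ -f "$map" ] && [ ! -L "$map" ] || return 1
    # Empty find output means neither group- nor world-writable.
    [ -z "$(find "$map" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print the login name mapped to a slot. A non-zero exit status means
# "no autologin, show the normal login prompt".
# Map format (hypothetical): one "slot:username" entry per line.
user_for_slot() {
    slot=$1
    map=$2
    # The slot must be a plain decimal number.
    case $slot in ''|*[!0-9]*) return 1 ;; esac
    map_is_trustworthy "$map" || return 1
    # Force string comparison so "01" in the file does not match slot 1.
    user=$(awk -F: -v s="$slot" '($1 "") == (s "") { print $2; exit }' "$map")
    case $user in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # unmapped slot or malformed name
        root) return 1 ;;                  # never auto-login the superuser
    esac
    printf '%s\n' "$user"
}

# Constructed sample output (not captured from a real system).
sample='Key slot 1 unlocked.
Command successful.'
echo "slot that matched: $(slot_from_output "$sample")"
```
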




Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 15 Mar 2011 17:33:17 GMT) Full text and rfc822 format available.

Changed Bug title to 'Associate a username with each passphrase; export that username for use later in the boot process' from 'cryptsetup: gnome autologin user should depend on boot passsword' Request was from Josh Triplett <josh@joshtriplett.org> to control@bugs.debian.org. (Tue, 15 Mar 2011 17:33:18 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Tue, 15 Mar 2011 19:27:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Tue, 15 Mar 2011 19:27:09 GMT) Full text and rfc822 format available.

Message #36 received at 502772@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Josh Triplett <josh@joshtriplett.org>, 502772@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#502772: gnome autologin user should depend on boot passsword
Date: Tue, 15 Mar 2011 20:25:53 +0100
Hello Josh,

On 15/03/2011 Josh Triplett wrote:
> This bug report seems to have gotten closed based on an incorrect
> interpretation of the original report.  Reopening, retitling, and
> re-requesting.
> 
> The report makes the reasonable request that since an encrypted
> filesystem can have multiple passphrases associated with it, those
> passphrases could have associated usernames.  Cryptsetup could then use
> the passphrase provided to look up the associated username, and provide
> that username to later phases of the boot process somehow, such as to
> GDM to allow it to select that username for autologin.  Thus, the user
> would enter their passphrase to decrypt the disk, and not need to
> subsequently log in with a username and password.
> 
> That seems like a reasonable request, and it should not impact system
> security in any way.

I agree that this is a valid feature request. I'm not sure though
whether it should be implemented within the cryptsetup package, or in a
new package that uses and depends on cryptsetup.

I remember that Jürgen Pabel developed something very similar to your
request called tokentube (http://sourceforge.net/projects/tokentube/) I
haven't checked it for years, but it seems like the project is still
active.

Maybe you should take a look at it and rephrase the bugreport into an
ITP for tokentube if that's what you're searching for.

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Wed, 16 Mar 2011 09:33:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Harald Jenny <harald@a-little-linux-box.at>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 16 Mar 2011 09:33:07 GMT) Full text and rfc822 format available.

Message #41 received at 502772@bugs.debian.org (full text, mbox):

From: Harald Jenny <harald@a-little-linux-box.at>
To: Josh Triplett <josh@joshtriplett.org>, 502772@bugs.debian.org, pkg-cryptsetup-devel@lists.alioth.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#502772: gnome autologin user should depend on boot passsword
Date: Wed, 16 Mar 2011 10:32:47 +0100
On Tue, Mar 15, 2011 at 10:31:33AM -0700, Josh Triplett wrote:
> Package: cryptsetup
> Version: 2:1.0.6+20090405.svn49-1
> Followup-For: Bug #502772
> 
> reopen 502772
> retitle 502772 Associate usernames with passphrases; provide username associated with passphrase used
> thanks
> 
> This bug report seems to have gotten closed based on an incorrect
> interpretation of the original report.  Reopening, retitling, and
> re-requesting.
> 
> The report makes the reasonable request that since an encrypted
> filesystem can have multiple passphrases associated with it, those
> passphrases could have associated usernames.  Cryptsetup could then use
> the passphrase provided to look up the associated username, and provide
> that username to later phases of the boot process somehow, such as to
> GDM to allow it to select that username for autologin.  Thus, the user
> would enter their passphrase to decrypt the disk, and not need to
> subsequently log in with a username and password.
> 
> That seems like a reasonable request, and it should not impact system
> security in any way.
> 
> - Josh Triplett

Dear Josh Triplett,

you may also want to check libpam-mount if this suits your needs (although it
requires some config on the machine).

Kind regards
Harald Jenny





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Wed, 16 Mar 2011 12:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 16 Mar 2011 12:54:03 GMT) Full text and rfc822 format available.

Message #46 received at 502772@bugs.debian.org (full text, mbox):

From: Josh Triplett <josh@joshtriplett.org>
To: Harald Jenny <harald@a-little-linux-box.at>
Cc: 502772@bugs.debian.org, pkg-cryptsetup-devel@lists.alioth.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#502772: gnome autologin user should depend on boot passsword
Date: Wed, 16 Mar 2011 05:51:46 -0700
On Wed, Mar 16, 2011 at 10:32:47AM +0100, Harald Jenny wrote:
> On Tue, Mar 15, 2011 at 10:31:33AM -0700, Josh Triplett wrote:
> > Package: cryptsetup
> > Version: 2:1.0.6+20090405.svn49-1
> > Followup-For: Bug #502772
> > 
> > reopen 502772
> > retitle 502772 Associate usernames with passphrases; provide username associated with passphrase used
> > thanks
> > 
> > This bug report seems to have gotten closed based on an incorrect
> > interpretation of the original report.  Reopening, retitling, and
> > re-requesting.
> > 
> > The report makes the reasonable request that since an encrypted
> > filesystem can have multiple passphrases associated with it, those
> > passphrases could have associated usernames.  Cryptsetup could then use
> > the passphrase provided to look up the associated username, and provide
> > that username to later phases of the boot process somehow, such as to
> > GDM to allow it to select that username for autologin.  Thus, the user
> > would enter their passphrase to decrypt the disk, and not need to
> > subsequently log in with a username and password.
> > 
> > That seems like a reasonable request, and it should not impact system
> > security in any way.
> > 
> > - Josh Triplett
> 
> you may also want to check libpam-mount if this suits your needs (although it
> requires some config on the machine).

That only applies in the case of an encrypted user home directory, not
an encrypted root partition.

- Josh Triplett




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Wed, 16 Mar 2011 13:33:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 16 Mar 2011 13:33:07 GMT) Full text and rfc822 format available.

Message #51 received at 502772@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Josh Triplett <josh@joshtriplett.org>
Cc: Harald Jenny <harald@a-little-linux-box.at>, pkg-cryptsetup-devel@lists.alioth.debian.org, 502772@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#502772: gnome autologin user should depend on boot passsword
Date: Wed, 16 Mar 2011 14:29:32 +0100
Hey Josh,

On 16/03/2011 Josh Triplett wrote:
> On Wed, Mar 16, 2011 at 10:32:47AM +0100, Harald Jenny wrote:
> > On Tue, Mar 15, 2011 at 10:31:33AM -0700, Josh Triplett wrote:
> > > Package: cryptsetup
> > > Version: 2:1.0.6+20090405.svn49-1
> > > Followup-For: Bug #502772
> > > 
> > > reopen 502772
> > > retitle 502772 Associate usernames with passphrases; provide username associated with passphrase used
> > > thanks
> > > 
> > > This bug report seems to have gotten closed based on an incorrect
> > > interpretation of the original report.  Reopening, retitling, and
> > > re-requesting.
> > > 
> > > The report makes the reasonable request that since an encrypted
> > > filesystem can have multiple passphrases associated with it, those
> > > passphrases could have associated usernames.  Cryptsetup could then use
> > > the passphrase provided to look up the associated username, and provide
> > > that username to later phases of the boot process somehow, such as to
> > > GDM to allow it to select that username for autologin.  Thus, the user
> > > would enter their passphrase to decrypt the disk, and not need to
> > > subsequently log in with a username and password.
> > > 
> > > That seems like a reasonable request, and it should not impact system
> > > security in any way.
> > > 
> > > - Josh Triplett
> > 
> > you may also want to check libpam-mount if this suits your needs (although it
> > requires some config on the machine).
> 
> That only applies in the case of an encrypted user home directory, not
> an encrypted root partition.

as already written, tokentube (sf.net/project/tokentube) might be what
you're looking for.

for sure, I meant to rephrase this bugreport into an RFP (request for
packaging), not ITP (intend to package). See the page about work-needing
and prospective packages at http://www.debian.org/devel/wnpp/ for more
information.

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#502772; Package cryptsetup. (Fri, 15 Apr 2011 19:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Fri, 15 Apr 2011 19:39:06 GMT) Full text and rfc822 format available.

Message #56 received at 502772@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Josh Triplett <josh@joshtriplett.org>, 502772@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#502772: Bug#502772: gnome autologin user should depend on boot passsword
Date: Fri, 15 Apr 2011 21:12:52 +0200
reassign 502772 wnpp
retitle 502772 RFP: tokentube - integration component for LUKS and PAM
severity 502772 wishlist
noowner 502772
thanks

On 15/03/2011 Jonas wrote:
> Hello Josh,
> 
> On 15/03/2011 Josh Triplett wrote:
> > This bug report seems to have gotten closed based on an incorrect
> > interpretation of the original report.  Reopening, retitling, and
> > re-requesting.
> > 
> > The report makes the reasonable request that since an encrypted
> > filesystem can have multiple passphrases associated with it, those
> > passphrases could have associated usernames.  Cryptsetup could then use
> > the passphrase provided to look up the associated username, and provide
> > that username to later phases of the boot process somehow, such as to
> > GDM to allow it to select that username for autologin.  Thus, the user
> > would enter their passphrase to decrypt the disk, and not need to
> > subsequently log in with a username and password.
> > 
> > That seems like a reasonable request, and it should not impact system
> > security in any way.
> 
> I agree that this is a valid feature request. I'm not sure though
> whether it should be implemented within the cryptsetup package, or in a
> new package that uses and depends on cryptsetup.
> 
> I remember that Jürgen Pabel developed something very similar to your
> request called tokentube (http://sourceforge.net/projects/tokentube/) I
> haven't checked it for years, but it seems like the project is still
> active.
> 
> Maybe you should take a look at it and rephrase the bugreport into an
> ITP for tokentube if that's what you're searching for.

rephrasing the bugreport as a request for packaging for tokentube as
suggested.

greetings,
 jonas


Bug reassigned from package 'cryptsetup' to 'wnpp'. Request was from Jonas Meurer <jonas@freesources.org> to control@bugs.debian.org. (Fri, 15 Apr 2011 19:39:10 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions cryptsetup/2:1.0.4+svn26-1 and cryptsetup/2:1.0.6+20090405.svn49-1. Request was from Jonas Meurer <jonas@freesources.org> to control@bugs.debian.org. (Fri, 15 Apr 2011 19:39:10 GMT) Full text and rfc822 format available.

Changed Bug title to 'RFP: tokentube - integration component for LUKS and PAM' from 'Associate a username with each passphrase; export that username for use later in the boot process' Request was from Jonas Meurer <jonas@freesources.org> to control@bugs.debian.org. (Fri, 15 Apr 2011 19:39:10 GMT) Full text and rfc822 format available.

Changed Bug title to 'RFP: tokentube -- integration component for LUKS and PAM' from 'RFP: tokentube - integration component for LUKS and PAM' Request was from Paul Gevers <paul@climbing.nl> to control@bugs.debian.org. (Sat, 02 Jul 2011 10:24:48 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:34:53 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.